{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T23:28:12.878","vulnerabilities":[{"cve":{"id":"CVE-2024-42468","sourceIdentifier":"security-advisories@github.com","published":"2024-08-12T13:38:34.970","lastModified":"2026-06-17T07:49:30.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch."},{"lang":"es","value":"openHAB, un proveedor de software de automatización del hogar de código abierto, tiene complementos que incluyen el complemento de visualización CometVisu. CometVisuServlet en versiones anteriores a la 4.2.1 es susceptible a una vulnerabilidad de Path Traversal no autenticada. Los archivos locales en el servidor se pueden solicitar a través de HTTP GET en el CometVisuServlet. Este problema puede dar lugar a la divulgación de información. Los usuarios deben actualizar a la versión 4.2.1 del complemento CometVisu de openHAB para recibir un parche."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"openhab","product":"openhab-webui","versions":[{"version":"< 4.2.1","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"openhab","product":"openhab_webui","defaultStatus":"unknown","cpes":["cpe:2.3:a:openhab:openhab_webui:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"4.2.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-13T18:39:19.637425Z","id":"CVE-2024-42468","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openhab:openhab:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.1","matchCriteriaId":"8140B9BF-E3FB-4946-80AE-90E607364AB2"}]}]}],"references":[{"url":"https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.java#L75","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}